Differences

This shows you the differences between two versions of the page.

--- build:logging [2005/03/04 09:08]
24.217.122.10
+++ build:logging [2018/05/28 02:10] (current)
SLUUG Administration [logrotate.conf]
@@ Line 1: / Line 1: @@
 ====== Logging ======
-what is logged, to where, reports, and to whom
+What is logged, to where, reports, and to whom.
 ===== Access =====
 ===== Installation =====
-==== syslog.conf ====
+Installed as the default Debian logging setup.
-#  /etc/syslog.conf	Configuration file for syslogd.
-#
-#			For more information see syslog.conf(5)
-#			manpage.
-#
-# First some standard logfiles.  Log by facility.
-#
-auth,authpriv.*			/var/log/auth.log
+==== /etc/klogd/default ====
-*.*;auth,authpriv.none		-/var/log/syslog
-#cron.*				/var/log/cron.log
-daemon.*			-/var/log/daemon.log
-kern.*				-/var/log/kern.log
-lpr.*				-/var/log/lpr.log
-mail.*				-/var/log/mail.log
-user.*				-/var/log/user.log
-uucp.*				/var/log/uucp.log
-#
+Change KLOGD line to read:
-# Logging for the mail system.  Split it up so that
+<file>
-# it is easy to write scripts to parse these files.
+KLOGD="-c 5"
-#
+</file>
-mail.info			-/var/log/mail.info
+to turn off console messages for lower priority messages.
-mail.warn			-/var/log/mail.warn
-mail.err			/var/log/mail.err
-# Logging for INN news system
+Technically, we should be changing the ''kernel.printk'' line in ''/etc/sysctl.conf'' instead, but that has not yet been tested.
-#
-news.crit			/var/log/news/news.crit
-news.err			/var/log/news/news.err
-news.notice			-/var/log/news/news.notice
-#
-# Some `catch-all' logfiles.
-#
-*.=debug;\
-	auth,authpriv.none;\
-	news.none;mail.none	-/var/log/debug
-*.=info;*.=notice;*.=warn;\
-	auth,authpriv.none;\
-	cron,daemon.none;\
-	mail,news.none		-/var/log/messages
-#
+==== logrotate.conf ====
-# Emergencies are sent to everybody logged in.
-#
-*.emerg				*
-#
+Edit ''/etc/logrotate.conf'' to change the ''rotate'' option for ''/var/log/wtmp'' from ''1'' to ''25'', and ''/var/log/btmp'' from ''1'' to ''13''.
-# I like to have messages displayed on the console, but only on a virtual
-# console I usually leave idle.
-#
-#daemon,mail.*;\
-#	news.=crit;news.=err;news.=notice;\
-#	*.=debug;*.=info;\
-#	*.=notice;*.=warn	/dev/tty8
-# The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
+=== Later changes and corrections ===
-# you must invoke `xconsole' with the `-file' option:
-#
-#    $ xconsole -file /dev/xconsole [...]
-#
-# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
-#      busy site..
-#
-daemon.*;mail.*;\
-	news.crit;news.err;news.notice;\
-	*.=debug;*.=info;\
-	*.=notice;*.=warn	|/dev/xconsole
+Add option ''dateext'' to change the naming convention of adding
+generation numbers ".1", ".2", etc. to  the "-yyyymmdd" format.
+Also manually rename all existing log files to the new format.
+Note this is the default in later releases.
+Fix incorrect permissions for the ''/var/log/btmp'' entry
+from ''0660'' to ''0600''.
+Also chmod existing files to make the same change.
+This is a well known bug fixed in later releases, but should be verified.
+==== syslog.conf ====
-===== System Changes =====
+Everything at level of info other than kern.info and mail.info goes to /var/log/messages. That was accomplished with:
-//Please post changes here in the format of:  [H4] date|your name [/H4] [CR]description of chages made//
-=== Feburary 19 2005 | Install Group ===
+  news.info;daemon.info;\
-Initial instalation of default Debian logging.
+        auth.info;authpriv.info;\
+        cron.info;syslog.info;\
+        user.info               -/var/log/messages
+OLD:
+  #  /etc/syslog.conf	Configuration file for syslogd.
+  #
+  #			For more information see syslog.conf(5)
+  #			manpage.
+  #
+  # First some standard logfiles.  Log by facility.
+  #
+  auth,authpriv.*			/var/log/auth.log
+  *.*;auth,authpriv.none		-/var/log/syslog
+  #cron.*				/var/log/cron.log
+  daemon.*			-/var/log/daemon.log
+  kern.*				-/var/log/kern.log
+  lpr.*				-/var/log/lpr.log
+  mail.*				-/var/log/mail.log
+  user.*				-/var/log/user.log
+  uucp.*				/var/log/uucp.log
+  #
+  # Logging for the mail system.  Split it up so that
+  # it is easy to write scripts to parse these files.
+  #
+  mail.info			-/var/log/mail.info
+  mail.warn			-/var/log/mail.warn
+  mail.err			/var/log/mail.err
+  # Logging for INN news system
+  #
+  news.crit			/var/log/news/news.crit
+  news.err			/var/log/news/news.err
+  news.notice			-/var/log/news/news.notice
+  #
+  # Some `catch-all' logfiles.
+  #
+  *.=debug;\
+  	auth,authpriv.none;\
+  	news.none;mail.none	-/var/log/debug
+  *.=info;*.=notice;*.=warn;\
+  	auth,authpriv.none;\
+  	cron,daemon.none;\
+  	mail,news.none		-/var/log/messages
+  #
+  # Emergencies are sent to everybody logged in.
+  #
+  *.emerg				*
+  #
+  # I like to have messages displayed on the console, but only on a virtual
+  # console I usually leave idle.
+  #
+  #daemon,mail.*;\
+  #	news.=crit;news.=err;news.=notice;\
+  #	*.=debug;*.=info;\
+  #	*.=notice;*.=warn	/dev/tty8
+  # The named pipe /dev/xconsole is for the `xconsole' utility.  To use it,
+  # you must invoke `xconsole' with the `-file' option:
+  #
+  #    $ xconsole -file /dev/xconsole [...]
+  #
+  # NOTE: adjust the list below, or you'll go crazy if you have a reasonably
+  #      busy site..
+  #
+  daemon.*;mail.*;\
+  	news.crit;news.err;news.notice;\
+  	*.=debug;*.=info;\
+  	*.=notice;*.=warn	|/dev/xconsole
+===== Reporting =====
 ===== TODO =====
+  * Setup daily system checks such as
+  - Root Kit Hunter http://www.rootkit.nl/projects/rootkit_hunter.html
+  - logwatch http://www2.logwatch.org:81/
+  - ckrootkit http://www.chkrootkit.org/
+  * Enable tripwire
+  * Determine what admins are to recieve daily log reports
 ===== Credits =====

SLUUG Wiki

User Tools

Site Tools

Differences

Page Tools